<![CDATA[Automation or Innovation?]]>Automation or Innovation?

Absorption or Containment?

"Does AI-assisted vulnerability discovery represent a categorical innovation in offensive cyber capability — a new class of finding previously unreachable by any combination of human and tool — or does it represent the automation and scaling of methods that already existed in the security-research repertoire?

The policy responses appropriate to each framing diverge sharply."

https://codeberg.org/tzafaar/Buffers_overflow_into_policy/src/branch/main/briefing%20notes/innovation-or-automation-v5.md

]]>https://board.circlewithadot.net/topic/efaf36cd-5f3e-470e-aa1d-117ced34fcf6/automation-or-innovationRSS for NodeThu, 14 May 2026 23:26:05 GMTMon, 11 May 2026 11:36:57 GMT60<![CDATA[Reply to Automation or Innovation? on Mon, 11 May 2026 22:02:06 GMT]]>@meartur fully agree! there must be a measurable "return" to justify any, even negligible, investment.

The best source i could find on the attacker perspective on this issue was the paper below.

According to the the paper, attackers will squeeze all the juice out of a working exploit before looking for a new one. Attackers will keep "harvesting" the same field (subset of software) as long as it remains fertile (i love analogies 🙂).

This was pre-LLM. We may have to wait for some empirical evidence...on modern farming practices.

Allodi, L., Massacci, F. and Williams, J. (2022), "The Work-Averse Cyberattacker Model: Theory and Evidence from Two Million Attack Signatures."

Checking your browser - reCAPTCHA

favicon

(pmc.ncbi.nlm.nih.gov)

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/aristot73/statuses/116558196040640842https://board.circlewithadot.net/post/https://infosec.exchange/users/aristot73/statuses/116558196040640842Mon, 11 May 2026 22:02:06 GMT<![CDATA[Reply to Automation or Innovation? on Mon, 11 May 2026 21:36:01 GMT]]>@aristot73 Agreed! I'd add that cost collapse isn't the whole story though. Some searches wouldn't happen at any price because some software/bugs might simply be uninteresting to people.

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/meartur/statuses/116558093451880836https://board.circlewithadot.net/post/https://infosec.exchange/users/meartur/statuses/116558093451880836Mon, 11 May 2026 21:36:01 GMT<![CDATA[Reply to Automation or Innovation? on Mon, 11 May 2026 12:28:01 GMT]]>☝@meartur

]]>https://board.circlewithadot.net/post/https://infosec.exchange/users/aristot73/statuses/116555938633565549https://board.circlewithadot.net/post/https://infosec.exchange/users/aristot73/statuses/116555938633565549Mon, 11 May 2026 12:28:01 GMT